This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote VMware ESX host is missing a security-related patch.
a. WebWorks Help - Cross-site scripting vulnerability
WebWorks Help is an output format that allows online Help to be
delivered on multiple platforms and browsers, which makes it easy
to publish information on the Web or on an enterprise intranet.
WebWorks Help is used for creating the online help pages that are
available in VMware WebAccess, Lab Manager and Stage Manager.
WebWorks Help doesn't sufficiently sanitize incoming requests, which
may result in cross-site scripting vulnerabilities in applications
that are built with WebWorks Help.
Exploitation of these vulnerabilities in VMware products requires
tricking a user into clicking a malicious link or opening a malicious
web page while they are logged in to vCenter, ESX or VMware
Server using WebAccess, or logged in to Stage Manager or Lab
Successful exploitation can lead to theft of user credentials. These
vulnerabilities can be exploited remotely only if the attacker has
access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
Client-side protection measures included with current browsers are not
always able to prevent these attacks from being executed.
VMware would like to thank Daniel Grzelak and Alex Kouzemtchenko of
stratsec (www.stratsec.net) for finding and reporting this issue.
VMware would also like to thank Ben Allums of WebWorks.com for working
on the remediation of this issue with us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2009-3731 to this issue.
Apply the missing patch.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: VMware ESX Local Security Checks
Nessus Plugin ID: 52012
Bugtraq ID: 37346
CVE ID: CVE-2009-3731